Set date for signature to expire

Werner Koch wk at
Mon Jun 6 15:54:35 CEST 2005

On Sun, 5 Jun 2005 10:21:51 +0300 (EEST), Oskar L said:

> May I ask why you, or anyone, would want to do this? If I get a public key
> with a signature from someone who's key I have verified and who I trust to
> check keys properly, then why should it matter to me if that signature has

The signature gives no indication whether you trust the owner of the
key to properly (whatever this means to him or you) check the key.

You merely declare: I have verified that the information in that key
matches the person who asked me to sign it.  How this is checked is a
personal decision and that personal decision is what a third person
than uses to decide for herself on much to trust the owner of the key
to properly checking keys before signingin a key.  That information
(owner trust) is not public and not exported at all
(--export-ownertrust may be used to create a backup of this private

> expired or not? It still means the same thing; that the person who signed
> it has verified the key she/he signed.

Correct.  It states that you signed it at a certain date according to
your own policy (which you might even declare using a Policy URL).



More information about the Gnupg-users mailing list